Data theft from computers is a serious risk in many organizations. The common use of data storage devices such as USB flash drives, digital cameras, media players and mobile phones, all of which can be easily interfaced with any PC, is a major security challenge for most organizations. A user may copy a huge number of files in a few seconds without leaving any trace. Data theft from computer systems may disclose secret military plans, private medical records, bank account information, insurance data, customer databases or any other type of data that may be sold or used against the organization's interests. Another risk is the import (or upload) of data from storage devices, which may load hostile code or false information into the organization's computing system. A single event of unauthorized data import into the organization's network may cause complete system failure for a few hours or even a few days. Data Loss Prevention (DLP) has become common practice, or even mandatory, in many high-security organizations, including financial, health-care, government and defense organizations.
Over the past years, several common strategies have been used to secure computer peripheral ports:

1. Security policy regarding mass storage devices. Some organizations prohibit users from bringing mass storage devices into the facility, and some conduct searches at the entrance/exit gates. While this method may be an effective deterrent, it is enough that one employee brings in one device to cause severe damage to the whole organization. Additionally, mass storage devices are easily concealed or disguised.

2. Physical removal or covering of unused ports. Many organizations use brute force to remove unused peripheral ports from the computers they purchase. While this method reduces the risk from open ports, it still allows a user to unplug an allowed peripheral such as a keyboard or mouse and plug in an unauthorized peripheral such as a portable mass storage device. It is also an expensive task to treat every purchased computer, and it may void the manufacturer's warranty.

3. USB port protection by software. This method is in extensive use today and enables a port to be disabled completely or filtered selectively. Organizations may use such software to allow only a keyboard and mouse to be attached to their computers. One major drawback of any software protection is that it may be disabled or modified by a sophisticated attacker with relative ease. Commercial products for software protection of USB ports are available.

4. Use of a secure KVM (Keyboard Video Mouse) switch to secure the peripheral ports of the coupled computers. Several secure KVM units offer full peripheral port protection through emulation and unidirectional data-flow diodes. Combined with physical or software protection of the USB ports, this method may be used to protect peripheral ports.
Another option in use today is to locate the PC in a secure place, or to lock it away from user access, so that only a secure KVM with protected ports is accessible to the user. While this method is relatively secure and effective, it is generally applicable only to users who operate multiple computers through a KVM.
PCT patent application WO2011145095, titled "Computer motherboard having peripheral security functions", to Soffer Aviv, discloses a secure motherboard for a computer in which each user-accessible peripheral port is protected by hardware-based peripheral protection circuitry soldered to the motherboard. The protection circuitry provides security functions that decrease the vulnerability of the computer to data theft. User input ports such as the keyboard and mouse peripheral ports are coupled to the computer through a security function that enforces unidirectional data flow, from the user input devices to the computer only. The display port uses a security function that isolates the EDID in the display from the computer. An authentication device such as a smart card reader is coupled to the computer via a port having a security function that enumerates the authentication device before coupling it to the computer.
Computer networks in many organizations are continuously challenged by various security threats. The popularity of the Internet and the availability of portable mass-storage devices introduce severe internal and external threats to most organizations. Defense and government organizations with higher-security networks are forced to isolate their secure networks from other, less secure networks, creating a situation in which a single organization or a single employee needs to operate in several different isolated networks having different security levels. Isolation between these networks is a key concern, as any leakage of data between two networks may cause catastrophic results for the organization involved.
PCT patent application WO2012095852, titled "Secure KM switch", to Soffer Aviv, discloses a system enabling a computer user to securely share a single set of Keyboard and Mouse (KM) among multiple isolated computers. As the isolated computers may have different security levels, the method and apparatus prevent potential data leakage between the computers and the networks coupled to them.
PCT patent application WO2011104715, titled "Secure KVM system having remote controller-indicator", to Soffer Aviv, discloses a Keyboard Video and Mouse (KVM) switch capable of providing secure remote extension of KVM control and indication functions. The secure KVM provides a secure remote extension of the complete user console, with support for a remote keyboard, mouse, one or more displays, smart-card reader, audio devices, KVM control and KVM monitoring.
General background information regarding data transmission over analog telephone lines may be found in open Internet sources.
It should be noted that the sophisticated modulation techniques used in MODEMs (MOdulator DEModulators), which were popular in the late 1990s, achieved a data transmission rate of 56 kbit/s (56,000 bits per second) over telephone lines having only 3,700 Hz (300-4,000 Hz) of bandwidth over kilometers of twisted-pair electric wires. This represents a "Frequency Efficiency" (FE) of about 15. FE is defined as the bit rate divided by the bandwidth of the transmission channel. FE strongly depends on the Signal to Noise Ratio (SNR) of the transmission line; on higher-quality channels a larger FE may be achieved. When no noise and no interference are present on the line, the FE is limited by the effective number of bits of the Digital to Analog Converter (DAC) used to produce the analog signal at the transmitter end and of the Analog to Digital Converter (ADC) used to digitize the signal at the receiving end of the channel.
For example, "J-QAM, A QAM soundcard modem" is software that turns a standard sound card into a data transmitting/receiving MODEM. The software, which is available for download from the Internet, is said to enable use of the sound card to send and receive data by implementing the QAM modulation scheme. Transmission can be one-way or two-way, and any sort of data can be sent: files, video, audio, web pages, etc. It claims speeds of up to 400 kbit/s with a sound card, support for QAM16 and QAM64, eight-state TCM encoding, interleaved Reed-Solomon forward error correction, blind equalization, frequency tracking, and blind carrier-frequency and symbol-rate detection. QAM is but one modulation technology; OFDM (the basis of ADSL) and CDMA may also be used.
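As an added illustration of the two points above (not code from the original page, and not the J-QAM software), the following Python simulates a 16-QAM modem carried over a PC audio path and works through the channel figures: the Frequency Efficiency of the 56 kbit/s telephone modem and the Shannon bound for an audio path limited only by an ideal 16-bit converter. The sample rate, carrier frequency, symbol rate, noise level and payload are assumptions chosen for the example, and the channel is an idealized one with no clock offset or filtering.

```python
# Added example (not from the original page): a minimal 16-QAM "soundcard modem"
# in pure Python, plus the channel-capacity arithmetic behind the Frequency
# Efficiency figure. All parameters below are assumptions chosen for the demo.
import math
import random

FS = 48000                # assumed sound-card sample rate, Hz
FC = 4800                 # assumed carrier frequency, Hz (well inside a 20 kHz audio path)
SYMBOL_RATE = 2400        # assumed symbol rate, symbols per second (baud)
SPS = FS // SYMBOL_RATE   # samples per symbol = 20
LEVELS = (-3, -1, 1, 3)   # per-axis amplitude levels of a square 16-QAM constellation
GRAY = {(0, 0): -3, (0, 1): -1, (1, 1): 1, (1, 0): 3}   # Gray code: neighbours differ in 1 bit
UNGRAY = {level: bits for bits, level in GRAY.items()}

# A whole number of carrier cycles per symbol makes the correlator below exact.
assert FC * SPS % FS == 0


def shannon_capacity(bandwidth_hz, snr_db):
    """Shannon-Hartley bound: maximum error-free bit rate for a bandwidth and SNR."""
    return bandwidth_hz * math.log2(1 + 10 ** (snr_db / 10))


def spectral_efficiency(bit_rate, bandwidth_hz):
    """'Frequency Efficiency' as defined in the text: bit rate divided by bandwidth."""
    return bit_rate / bandwidth_hz


def adc_snr_db(bits):
    """Quantization-limited SNR of an ideal N-bit converter driven by a full-scale sine."""
    return 6.02 * bits + 1.76


def bytes_to_bits(data):
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]


def bits_to_bytes(bits):
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, len(bits), 8))


def modulate(data):
    """Map each 4-bit group onto one 16-QAM symbol and emit audio-rate samples."""
    bits = bytes_to_bits(data)
    samples = []
    for k in range(0, len(bits), 4):
        i_level = GRAY[(bits[k], bits[k + 1])]
        q_level = GRAY[(bits[k + 2], bits[k + 3])]
        base = (k // 4) * SPS
        for n in range(base, base + SPS):
            theta = 2 * math.pi * FC * n / FS
            samples.append(i_level * math.cos(theta) - q_level * math.sin(theta))
    return samples


def demodulate(samples):
    """Coherent demodulation: correlate each symbol with the carrier, then pick the nearest level."""
    bits = []
    for k in range(len(samples) // SPS):
        i_acc = q_acc = 0.0
        for n in range(k * SPS, (k + 1) * SPS):
            theta = 2 * math.pi * FC * n / FS
            i_acc += samples[n] * math.cos(theta)
            q_acc -= samples[n] * math.sin(theta)
        # Over a whole number of cycles the sum of cos^2 is SPS/2, so scale by 2/SPS.
        for estimate in (2 * i_acc / SPS, 2 * q_acc / SPS):
            bits.extend(UNGRAY[min(LEVELS, key=lambda lv: abs(lv - estimate))])
    return bits_to_bytes(bits)


def add_noise(samples, sigma, seed=1):
    """Additive white Gaussian noise with a fixed seed so the run is reproducible."""
    rng = random.Random(seed)
    return [s + rng.gauss(0.0, sigma) for s in samples]


def run_demo(message=b"constructed sample payload: account=42", sigma=0.3):
    """Round-trip a constructed message through the noisy simulated audio channel.

    Returns (decoded_bytes, raw_bit_rate). With 4 bits per symbol the raw rate is
    SYMBOL_RATE * 4 bit/s; sigma=0.3 leaves roughly a 10-sigma decision margin.
    """
    decoded = demodulate(add_noise(modulate(message), sigma))
    return decoded, SYMBOL_RATE * 4


if __name__ == "__main__":
    decoded, rate = run_demo()
    print(decoded, rate, "bit/s")
    print("56 kbit/s modem FE:", round(spectral_efficiency(56000, 3700), 1))
    print("Shannon bound, 20 kHz path, ideal 16-bit ADC:",
          round(shannon_capacity(20000, adc_snr_db(16))), "bit/s")
```

The demodulator stays exact only because the carrier completes a whole number of cycles per symbol and the transmitter and receiver share one sample clock; a real sound-card link needs the symbol-rate detection, carrier tracking and equalization that the J-QAM description lists. The Shannon figure shows why an ordinary audio path, even at a fraction of its theoretical capacity, carries far more than the 1,200 bps a modern vocoder needs for intelligible speech.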
General information regarding sound quality of modern computers may be found in open Internet sources.
The specifications of the input and output audio channels of a conventional PC depend on the type of sound card, or on the on-board sound channels used. While top-of-the-line sound cards may reach a 192 kHz sampling rate and 32-bit resolution, the typical PC has at least Compact Disc (CD) quality, i.e. 44.1 kHz sampling at 16-bit resolution, on stereo input and output channels.
General information regarding computer audio connectors may be found in open Internet sources. The most popular connector is the fully analog 3.5 mm phone connector; these connectors are also often called (mini-)stereo plugs or headphone plugs.
General information regarding efficient compression of audio data representing human speech may be found in open Internet sources.
Modern vocoders (VOice enCODERs) can code, transmit, decode and faithfully reproduce human speech using a data rate as low as 1,200 bps (bits per second). Lower bit rates (600 bps and down to 200 bps) have been demonstrated with varying voice quality but reasonable intelligibility.
Vocoders are available as software packages executed on the PC's processor, or as dedicated hardware such as ASICs. For example, the AMBE-2020™ Vocoder Chip (Digital Voice Systems, Inc., 234 Littleton Road, Westford, Mass. 01886, USA) is described by its vendor as an extremely flexible, high-performance half-duplex voice compression solution that provides exceptional voice quality at rates as low as 2,000 bps. The AMBE-2020™ Vocoder Chip is a low-cost, DSP-based voice codec for half-duplex real-time and non-real-time voice compression applications.
General information regarding the USB protocol may be found in open Internet sources. It should be noted that the popular USB protocol is capable of high-speed data transfer. For example, USB 1.0, released in 1996, specified data rates of 1.5 Mbit/s (Low-Bandwidth) and 12 Mbit/s (Full-Bandwidth). USB 2.0, released in 2000, added a higher maximum signaling rate of 480 Mbit/s.
Streaming video is in wide use by many individual computer users and many organizations. Streaming video serves various applications today, from entertainment to video conferencing, on-line events, training, industrial control, remote sensing and security camera feeds. The use of streaming video in modern organizations raises major information security concerns, as video is delivered over IP traffic and IP traffic may carry malicious code. Malicious code inserted into incoming traffic may infect internal organization networks with viruses and Trojans; code inserted into outbound video traffic may be used to leak classified information to interested parties outside the organization. To reduce the risks involved with inbound streaming video traffic, most organizations use firewalls with a preprogrammed set of policies for handling video traffic.
United States Patent Application 20050283536, to Swanson, Jon N. et al., titled "Real time streaming data communications through a security device", discloses a method for connecting a plurality of clients to one another over a computer network for communication of real-time streaming data, with at least one of the clients being separated from the network by a security device.
Details of some of the risks and difficulties involving video streaming have been published on the Internet and in the press.